Almost every activity on the Internet starts with a DNS query, a key function of the Internet that works as the Internet's directory: after you enter a human-readable web address (e.g., thehackernews.com), your device looks up the IP address of the server behind it.
Since DNS queries are sent in clear text over UDP or TCP, without encryption, they can reveal not only what websites an individual visits but are also vulnerable to spoofing attacks.
To address these problems, Google announced Wednesday that its Public DNS (Domain Name System) service finally supports the DNS-over-TLS security protocol, which means that DNS queries and responses are communicated over TLS-encrypted TCP connections.
DNS-over-TLS is designed to make it harder for man-in-the-middle attackers to manipulate DNS queries or eavesdrop on your Internet connection.
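As an added example (not code from the article or from Google), the block below shows what the change amounts to on the wire: the DNS message itself is unchanged, but it is framed with the TCP length prefix and sent inside a TLS session to port 853 whose server certificate is verified. The resolver IP and TLS server name are parameters you supply, the sample reply is constructed in the block, and the transaction-ID check illustrates the weaker protection a plaintext client has to rely on.

```python
import socket, ssl, struct
DOT_PORT = 853   # DNS-over-TLS listens on TCP 853 (RFC 7858)
TXID = 0x1234    # fixed transaction ID for the examples below

def build_query(name: str, txid: int = TXID) -> bytes:
    # Minimal A-record query; the message format is identical to plaintext DNS
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def frame_for_tcp(msg: bytes) -> bytes:
    return struct.pack("!H", len(msg)) + msg  # DoT reuses DNS-over-TCP length framing

def skip_name(resp: bytes, pos: int) -> int:
    while resp[pos] != 0:  # walk length-prefixed labels until the root label
        if resp[pos] & 0xC0 == 0xC0:  # a compression pointer ends the name
            return pos + 2
        pos += resp[pos] + 1
    return pos + 1

def parse_a_records(resp: bytes, txid: int = TXID) -> list:
    rid, _flags, qd, an, _, _ = struct.unpack("!HHHHHH", resp[:12])
    if rid != txid:  # an unsolicited or spoofed reply would not match
        raise ValueError("transaction ID mismatch")
    pos, addrs = 12, []
    for _ in range(qd):
        pos = skip_name(resp, pos) + 4  # skip QTYPE + QCLASS
    for _ in range(an):
        pos = skip_name(resp, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", resp[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:  # A record
            addrs.append(".".join(str(b) for b in resp[pos:pos + 4]))
        pos += rdlen
    return addrs

def sample_response() -> bytes:
    # Constructed reply to build_query("example.com"): one A record, TTL 60
    header = struct.pack("!HHHHHH", TXID, 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([93, 184, 216, 34])
    return header + build_query("example.com")[12:] + answer

def resolve_over_tls(name: str, server_ip: str, server_name: str) -> list:
    # Live DoT lookup: the default context verifies the certificate chain and server_name
    ctx = ssl.create_default_context()
    with ctx.wrap_socket(socket.create_connection((server_ip, DOT_PORT), timeout=5),
                         server_hostname=server_name) as tls:
        tls.sendall(frame_for_tcp(build_query(name)))
        reader = tls.makefile("rb")  # read(n) blocks until n bytes or EOF
        return parse_a_records(reader.read(struct.unpack("!H", reader.read(2))[0]))
```

`resolve_over_tls` needs network access and a resolver that speaks DoT on port 853; the other functions run offline against the constructed reply.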
Launched over eight years ago, Google Public DNS, at IP addresses 220.127.116.11 and 18.104.22.168, is the world's largest public Domain Name Service recursive resolver, which most people prefer over the default DNS services from their ISPs or carriers.
“Starting today, users can secure queries between their devices and Google Public DNS with DNS-over-TLS, preserving their privacy and integrity,” Google wrote in a blog post.
“Now users can secure their connections to Google Public DNS with TLS, the same technology that protects their HTTPS web connections.”